The latest discovery of a cross-site scripting (XSS) vulnerability on Yahoo is not particularly uncommon, but gives some insight into how exploits for vulnerabilities are priced. According to security blogger Brian Krebs, an exploit being sold by an Egyptian hacker targets an XSS vulnerability in a Yahoo service.

The Egyptian hacker is holding a sale, offering the exploit for $700 where he claims it is usually sold for $1,100 to $1,500.

__________________
You don't need to be a genius to debug a pf.conf firewall ruleset, you just need the guts to run tcpdump

I realize this deals with code stored on the same server, which sets it apart from a normal XSS attack, but I am dubious as to how effective the exploit would be if you were using Firefox set to warn on redirection, with the NoScript extension (which provides some XSS protection), didn't have the site whitelisted, and didn't allow JS globally. But you can't be too careful.

I do use Yahoo email but still use the old style form which doesn't require JavaScript to be enabled.